Skip to content

Commit

Permalink
Ruff: add and fix RSE (#10093)
Browse files Browse the repository at this point in the history 
* Ruff: add and fix RSE

* Ruff: Fix RSE
  • Loading branch information
@kiblik
kiblik authored Jun 21, 2024
1 parent 9b05b10 commit e6c7767
Show file tree
Hide file tree
Showing 14 changed files with 36 additions and 35 deletions.
2 changes: 1 addition & 1 deletion dojo/api_v2/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2964,7 +2964,7 @@ def report_generate(request, obj, options):
report_name = "Finding"

else:
raise Http404()
raise Http404

result = {
"product_type": product_type,
Expand Down
6 changes: 3 additions & 3 deletions dojo/authorization/authorization.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -243,17 +243,17 @@ def user_has_global_permission(user, permission):

def user_has_configuration_permission_or_403(user, permission):
if not user_has_configuration_permission(user, permission):
raise PermissionDenied()
raise PermissionDenied


def user_has_permission_or_403(user, obj, permission):
if not user_has_permission(user, obj, permission):
raise PermissionDenied()
raise PermissionDenied


def user_has_global_permission_or_403(user, permission):
if not user_has_global_permission(user, permission):
raise PermissionDenied()
raise PermissionDenied


def get_roles_for_permission(permission):
Expand Down
2 changes: 1 addition & 1 deletion dojo/decorators.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ def _wrapped(request, *args, **kw):
dojo_user = Dojo_User.objects.filter(username=username).first()
if dojo_user:
Dojo_User.enable_force_password_reset(dojo_user)
raise Ratelimited()
raise Ratelimited
return fn(request, *args, **kw)
return _wrapped
return decorator
8 changes: 4 additions & 4 deletions dojo/engagement/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@
def engagement_calendar(request):

if not get_system_setting('enable_calendar'):
raise Resolver404()
raise Resolver404

if 'lead' not in request.GET or '0' in request.GET.getlist('lead'):
engagements = get_authorized_engagements(Permissions.Engagement_View)
Expand Down Expand Up @@ -1205,7 +1205,7 @@ def add_risk_acceptance(request, eid, fid=None):
finding = get_object_or_404(Finding, id=fid)

if not eng.product.enable_full_risk_acceptance:
raise PermissionDenied()
raise PermissionDenied

if request.method == 'POST':
form = RiskAcceptanceForm(request.POST, request.FILES)
Expand Down Expand Up @@ -1283,7 +1283,7 @@ def view_edit_risk_acceptance(request, eid, raid, edit_mode=False):
eng = get_object_or_404(Engagement, pk=eid)

if edit_mode and not eng.product.enable_full_risk_acceptance:
raise PermissionDenied()
raise PermissionDenied

risk_acceptance_form = None
errors = False
Expand Down Expand Up @@ -1455,7 +1455,7 @@ def reinstate_risk_acceptance(request, eid, raid):
eng = get_object_or_404(Engagement, pk=eid)

if not eng.product.enable_full_risk_acceptance:
raise PermissionDenied()
raise PermissionDenied

ra_helper.reinstate(risk_acceptance, risk_acceptance.expiration_date)

Expand Down
12 changes: 6 additions & 6 deletions dojo/finding/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1212,7 +1212,7 @@ def post(self, request: HttpRequest, finding_id):
# Handle the case of a successful form
if success:
return redirect_to_return_url_or_else(request, reverse("view_test", args=(finding.test.id,)))
raise PermissionDenied()
raise PermissionDenied


@user_is_authorized(Finding, Permissions.Finding_Edit, "fid")
Expand Down Expand Up @@ -1500,7 +1500,7 @@ def apply_template_cwe(request, fid):
extra_tags="alert-danger",
)
else:
raise PermissionDenied()
raise PermissionDenied


@user_is_authorized(Finding, Permissions.Finding_Edit, "fid")
Expand Down Expand Up @@ -1614,7 +1614,7 @@ def simple_risk_accept(request, fid):
finding = get_object_or_404(Finding, id=fid)

if not finding.test.engagement.product.enable_simple_risk_acceptance:
raise PermissionDenied()
raise PermissionDenied

ra_helper.simple_risk_accept(finding)

Expand Down Expand Up @@ -1741,7 +1741,7 @@ def clear_finding_review(request, fid):
# the review or one of the users requested to provide the review, then
# do not allow the user to clear the review.
if user != finding.review_requested_by and user not in finding.reviewers.all():
raise PermissionDenied()
raise PermissionDenied

# in order to clear a review for a finding, we need to capture why and how it was reviewed
# we can do this with a Note
Expand Down Expand Up @@ -2058,7 +2058,7 @@ def delete_stub_finding(request, fid):
extra_tags="alert-danger",
)
else:
raise PermissionDenied()
raise PermissionDenied


@user_is_authorized(Stub_Finding, Permissions.Finding_Edit, "fid")
Expand Down Expand Up @@ -2442,7 +2442,7 @@ def delete_template(request, tid):
extra_tags="alert-danger",
)
else:
raise PermissionDenied()
raise PermissionDenied


def download_finding_pic(request, token):
Expand Down
2 changes: 1 addition & 1 deletion dojo/metrics/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -903,7 +903,7 @@ def view_engineer(request, eid):
user = get_object_or_404(Dojo_User, pk=eid)
if not (request.user.is_superuser
or request.user.username == user.username):
raise PermissionDenied()
raise PermissionDenied
now = timezone.now()

findings = Finding.objects.filter(reporter=user, verified=True)
Expand Down
2 changes: 1 addition & 1 deletion dojo/notifications/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ def get_notifications(self, request: HttpRequest):

def check_user_permissions(self, request: HttpRequest):
if not request.user.is_superuser:
raise PermissionDenied()
raise PermissionDenied

def get_form(self, request: HttpRequest, notifications: Notifications):
# Set up the args for the form
Expand Down
6 changes: 3 additions & 3 deletions dojo/product/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -839,7 +839,7 @@ def import_scan_results_prod(request, pid=None):

def new_product(request, ptid=None):
if get_authorized_product_types(Permissions.Product_Type_Add_Product).count() == 0:
raise PermissionDenied()
raise PermissionDenied

jira_project_form = None
error = False
Expand Down Expand Up @@ -1822,7 +1822,7 @@ def edit_api_scan_configuration(request, pid, pascid):

if product_api_scan_configuration.product.pk != int(
pid): # user is trying to edit Tool Configuration from another product (trying to by-pass auth)
raise Http404()
raise Http404

if request.method == 'POST':
form = Product_API_Scan_ConfigurationForm(request.POST, instance=product_api_scan_configuration)
Expand Down Expand Up @@ -1868,7 +1868,7 @@ def delete_api_scan_configuration(request, pid, pascid):

if product_api_scan_configuration.product.pk != int(
pid): # user is trying to delete Tool Configuration from another product (trying to by-pass auth)
raise Http404()
raise Http404

if request.method == 'POST':
form = Product_API_Scan_ConfigurationForm(request.POST)
Expand Down
10 changes: 5 additions & 5 deletions dojo/reports/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ def post(self, request: HttpRequest) -> HttpResponse:
self._set_state(request)
return render(request, self.get_template(), self.get_context())
else:
raise PermissionDenied()
raise PermissionDenied

def _set_state(self, request: HttpRequest):
self.request = request
Expand Down Expand Up @@ -149,7 +149,7 @@ def get_template(self):
elif self.report_format == 'HTML':
return 'dojo/custom_html_report.html'
else:
raise PermissionDenied()
raise PermissionDenied

def get_context(self):
return {
Expand Down Expand Up @@ -360,7 +360,7 @@ def product_endpoint_report(request, pid):
'title': 'Generate Report',
})
else:
raise Http404()
raise Http404

product_tab = Product_Tab(product, "Product Endpoint Report", tab="endpoints")
return render(request,
Expand Down Expand Up @@ -599,7 +599,7 @@ def generate_report(request, obj, host_view=False):
'host': report_url_resolver(request),
'user_id': request.user.id}
else:
raise Http404()
raise Http404

report_form = ReportOptionsForm()

Expand Down Expand Up @@ -655,7 +655,7 @@ def generate_report(request, obj, host_view=False):
})

else:
raise Http404()
raise Http404
paged_findings = get_page_items(request, findings.qs.distinct().order_by('numerical_severity'), 25)

product_tab = None
Expand Down
2 changes: 1 addition & 1 deletion dojo/risk_acceptance/helper.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -272,7 +272,7 @@ def prefetch_for_expiration(risk_acceptances):

def simple_risk_accept(finding, perform_save=True):
if not finding.test.engagement.product.enable_simple_risk_acceptance:
raise PermissionDenied()
raise PermissionDenied

logger.debug('accepting finding %i:%s', finding.id, finding)
finding.risk_accepted = True
Expand Down
8 changes: 4 additions & 4 deletions dojo/survey/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -377,7 +377,7 @@ def edit_questionnaire_questions(request, sid):
survey = get_object_or_404(Engagement_Survey, id=sid)
if not user_has_configuration_permission(request.user, 'dojo.add_engagement_survey') and \
not user_has_configuration_permission(request.user, 'dojo.change_engagement_survey'):
raise PermissionDenied()
raise PermissionDenied

answered_surveys = Answered_Survey.objects.filter(survey=survey)
reverted = False
Expand Down Expand Up @@ -548,15 +548,15 @@ def edit_question(request, qid):
elif type == 'dojo | choice question':
form = EditChoiceQuestionForm(instance=question)
else:
raise Http404()
raise Http404

if request.method == 'POST':
if type == 'dojo | text question':
form = EditTextQuestionForm(request.POST, instance=question)
elif type == 'dojo | choice question':
form = EditChoiceQuestionForm(request.POST, instance=question)
else:
raise Http404()
raise Http404

if form.is_valid():
form.save()
Expand Down Expand Up @@ -759,7 +759,7 @@ def answer_empty_survey(request, esid):
'You must be logged in to answer questionnaire. Otherwise, enable anonymous response in system settings.',
extra_tags='alert-danger')
# will render 403
raise PermissionDenied()
raise PermissionDenied

questions = [
q.get_form()(
Expand Down
2 changes: 1 addition & 1 deletion dojo/test/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -402,7 +402,7 @@ def copy_test(request, tid):
def test_calendar(request):

if not get_system_setting('enable_calendar'):
raise Resolver404()
raise Resolver404

if 'lead' not in request.GET or '0' in request.GET.getlist('lead'):
tests = get_authorized_tests(Permissions.Test_View)
Expand Down
8 changes: 4 additions & 4 deletions dojo/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ def action_history(request, cid, oid):
ct = ContentType.objects.get_for_id(cid)
obj = ct.get_object_for_this_type(pk=oid)
except (KeyError, ObjectDoesNotExist):
raise Http404()
raise Http404

product_id = None
active_tab = None
Expand Down Expand Up @@ -136,7 +136,7 @@ def manage_files(request, oid, obj_type):
user_has_permission_or_403(request.user, obj, Permissions.Finding_Edit)
obj_vars = ('view_finding', 'finding_set')
else:
raise Http404()
raise Http404

files_formset = ManageFileFormSet(queryset=obj.files.all())
error = False
Expand Down Expand Up @@ -194,7 +194,7 @@ def manage_files(request, oid, obj_type):
def protected_serve(request, path, document_root=None, show_indexes=False):
file = FileUpload.objects.get(file=path)
if not file:
raise Http404()
raise Http404
object_set = list(file.engagement_set.all()) + list(file.test_set.all()) + list(file.finding_set.all())
# Should only one item (but not sure what type) in the list, so O(n=1)
for obj in object_set:
Expand All @@ -218,7 +218,7 @@ def access_file(request, fid, oid, obj_type, url=False):
obj = get_object_or_404(Finding, pk=oid)
user_has_permission_or_403(request.user, obj, Permissions.Finding_View)
else:
raise Http404()
raise Http404
# If reaching this far, user must have permission to get file
file = get_object_or_404(FileUpload, pk=fid)
redirect_url = f'{settings.MEDIA_ROOT}/{file.file.url.lstrip(settings.MEDIA_URL)}'
Expand Down
1 change: 1 addition & 0 deletions ruff.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ select = [
"LOG",
"INP",
"SLOT",
"RSE",
"PD",
"PGH",
"TRY003",
Expand Down

0 comments on commit e6c7767

Please sign in to comment.